Butlr Developer Docs

Getting Started


Last updated 7 months ago

Our API accepts JWT access tokens that comply with the OAuth 2.0 protocol to authenticate requests.

You have two options that comply with the OAuth 2.0 protocol to obtain an access_token, and we recommend choosing one based on your use case.

  • OAuth 2.0 Password Grant Type.

    • The password grant type is preferred when a trusted client application needs to obtain an access token on behalf of a specific user by directly using their username and password. This approach is suitable for first-party applications where users trust the client with their credentials, enabling access to user-specific resources with full user context.

  • OAuth 2.0 Client Credentials Grant Type.

    • The client credentials grant type is ideal when an application needs to authenticate itself to access its own resources or perform operations that are not user-specific. Commonly used in server-to-server interactions, this method allows the application to act autonomously by obtaining an access token using only its client ID and secret, without involving any end-user.

Notes:

  1. Refresh Tokens and Expiry Patterns: Access tokens are typically short-lived to minimize security risks if compromised, while refresh tokens are long-lived and allow clients to obtain new access tokens without re-authenticating the user. In the password grant type, refresh tokens are often issued to maintain user sessions seamlessly. In contrast, refresh tokens are usually not issued with the client credentials grant type because the client can obtain new access tokens using its credentials whenever needed. Additionally, access tokens obtained via the client credentials grant type may sometimes have longer expiration times since the client is a trusted application acting on its own behalf without user interaction; however, this can vary based on the authorization server's policies and security considerations.

  2. Butlr Dashboard Authentication: For the Butlr Dashboard we use OAuth 2.0 Authorization Code Grant via Auth0 hosted redirect to remove Butlr from the password exchange flow.
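The renewal behaviour described in note 1, as an added example that is not Butlr's own code: a token cache that re-requests with client credentials for machine clients and uses the refresh token for user sessions, never keeping the user's password. `TokenSource`, `ReauthRequired`, the injected `post(url, form)` callable and `TOKEN_URL` are hypothetical names; the form fields follow RFC 6749, and sending the client ID and secret in the request body is an assumption about the server.

```python
import time

TOKEN_URL = "https://auth.example.invalid/oauth/token"  # placeholder, not Butlr's URL


class ReauthRequired(Exception):
    """No stored secret can renew the token; the caller must log in again."""


class TokenSource:
    def __init__(self, post, clock=time.time, skew=30):
        # post(url, form) -> dict is injected so the logic runs without a network.
        self.post, self.clock, self.skew = post, clock, skew
        self.access = self.refresh = self.client = None
        self.expires_at = 0.0

    def _store(self, reply):
        if "access_token" not in reply:
            # Error response: drop any cached token and refresh token.
            self.access = self.refresh = None
            raise ReauthRequired(reply.get("error", "no access_token"))
        self.access = reply["access_token"]
        # The server may rotate the refresh token; keep the newest one.
        self.refresh = reply.get("refresh_token", self.refresh)
        self.expires_at = self.clock() + reply.get("expires_in", 0)
        return self.access

    def login_password(self, username, password):
        # The password is sent once and is not kept on the object.
        return self._store(self.post(TOKEN_URL, {
            "grant_type": "password", "username": username, "password": password}))

    def login_client(self, client_id, client_secret):
        self.client = {"grant_type": "client_credentials",
                       "client_id": client_id, "client_secret": client_secret}
        return self._store(self.post(TOKEN_URL, self.client))

    def token(self):
        # Renew `skew` seconds early so a request never carries an expired token.
        if self.access and self.clock() < self.expires_at - self.skew:
            return self.access
        if self.client:   # machine client: ask again with its own credentials
            return self._store(self.post(TOKEN_URL, self.client))
        if self.refresh:  # user session: refresh grant, no password involved
            return self._store(self.post(TOKEN_URL, {
                "grant_type": "refresh_token", "refresh_token": self.refresh}))
        raise ReauthRequired("no refresh token issued")
```
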